[ISN] Linux Advisory Watch - March 3rd 2006

InfoSec News isn at c4i.org
Mon Mar 6 05:30:40 EST 2006

|  LinuxSecurity.com                               Weekly Newsletter  |
|  March 3rd 2006                               Volume 7, Number 10a  |

  Editors:      Dave Wreski                     Benjamin D. Thomas
                dave at linuxsecurity.com          ben at linuxsecurity.com

Linux Advisory Watch is a comprehensive newsletter that outlines the
security vulnerabilities that have been announced throughout the
week.  It includes pointers to updated packages and descriptions of
each vulnerability.

This week, advisories were released for gpdf, pdftohtml, tutos, bmv,
xpdf, module-init-tools, udev, gnupg, gawk, dhcp, system-config-netboot,
xterm, GraphicsMagick, noweb, metamail, mplayer, squirrelmail, unzip,
gettext, tar, heimdal, and liby2util.  The distributors include Debian,
Fedora, Gentoo, Mandriva, Red Hat, and SuSE.


EnGarde Secure Linux: Why not give it a try?

EnGarde Secure Linux is a Linux server distribution that is geared
toward providing a open source platform that is highly secure by default
as well as easy to administer. EnGarde Secure Linux includes a select
group of open source packages configured to provide maximum security
for tasks such as serving dynamic websites, high availability mail
transport, network intrusion detection, and more. The Community
edition of EnGarde Secure Linux is completely free and open source,
and online security and application updates are also freely
available with GDSN registration.



ARC: A Synchronous Stream Cipher from Hash Functions
By: Angelo P. E. Rosiello and Roberto Carrozzo


We consider a simple and secure way to realize a
synchronous stream cipher from iterated hash functions. It is
similar to the OFB mode where the underlying block cipher
algorithm is replaced with the keyed hash function, adopting
the secret suffixx method[20]. We analyzed the key, the
keystream and the necessary properties to assume from the
underlying hash function for the stream cipher to be
considered secure. Motivated by our analysis we conjecture
that the most effcient way to break the proposed stream
cipher is to break the hash function or through exhaustive
search for the keyspace K of k bits, that requires O(2k)
operations. Keywords : stream cipher, key, keystream,
one-time pad cryptosystem, hash function, keyed hash

1.1 Algorithm Requirements

The algorithm should have a flat keyspace allowing any
random bit string to be a possible key.

The algorithm should make easier the key-management for
software implementations.

The typed password should not become directly the key,
else the actual keyspace is limited to keys constructed
with the 95 characters of printable ASCII1.

The algorithm should be easily modifiable satisfying
minimum or maximum requirements.

Moreover, according to basic engineering software theories,
the algorithm does not have to bind developers with static u
se of pre-defined logical block functions, but it is
important to let wide alternatives during the implementation
of the software[13, 17].

The algorithm should be simple to code, otherwise programmers
could make implementation mistakes if the structure is too

1.2 Areas of Application

Nowadays encrypting information has become a 'must', which
means that a good crypto algorithm must give to the community
the possibility to manage safe data.

Practical applications pertain to:

* Bulk Encryption: data files or a continuous data stream (e.g.
important information saved on hardisks such as databases or
any kind of secret document);

* Data Transmission: a lot of communication mediums need a
secure way to crypt exchanged information (e.g. Internet packets,
wireless connections, radio signals, etc.);

* Small Encryption: banks and commercial companies need secure
encryption methodologies to interact with customers by small
encryption technologies. Definitely, a good algorithm should be
suitable for lots of disparate situations.

Read Full Paper


EnGarde Secure Community 3.0.4 Released

Guardian Digital is happy to announce the release of EnGarde
Secure Community 3.0.4 (Version 3.0, Release 4). This release
includes several bug fixes and feature enhancements to the Guardian
Digital WebTool and the SELinux policy, and several new packages
available for installation.



Linux File & Directory Permissions Mistakes

One common mistake Linux administrators make is having file and
directory permissions that are far too liberal and allow access
beyond that which is needed for proper system operations. A full
explanation of unix file permissions is beyond the scope of this
article, so I'll assume you are familiar with the usage of such
tools as chmod, chown, and chgrp. If you'd like a refresher, one
is available right here on linuxsecurity.com.



Buffer Overflow Basics

A buffer overflow occurs when a program or process tries to
store more data in a temporary data storage area than it was
intended to hold. Since buffers are created to contain a finite
amount of data, the extra information can overflow into adjacent
buffers, corrupting or overwriting the valid data held in them.



-->  Take advantage of the LinuxSecurity.com Quick Reference Card!
-->  http://www.linuxsecurity.com/docs/QuickRefCard.pdf

|  Distribution: Debian           | ----------------------------//

* Debian: New gpdf packages fix several vulnerabilities
  27th, February, 2006

Updated package.


* Debian: New pdftohtml packages fix several vulnerabilities
  28th, February, 2006

Updated package.


* Debian: New tutos package fixes several vulnerabilities
  2nd, March, 2006

Updated package.


* Debian: new bmv packages fix arbitrary code execution
  2nd, March, 2006

Updated package.


* Debian: New xpdf packages fix several problems
  2nd, March, 2006

Updated package.


|  Distribution: Fedora           | ----------------------------//

* Fedora Core 4 Update: module-init-tools-3.2-0.pre9.0.FC4.4
  23rd, February, 2006

This module-init-tools adds a stub /etc/modprobe.conf.dist
which is included by older /etc/modprobe.conf config files.
This avoids the printing of a warning Matrox framebuffer
modules are also not autoloaded with this version.


* Fedora Core 4 Update: udev-071-0.FC4.3
  23rd, February, 2006

Updated package.


* Fedora Core 4 Update: gnupg-
  24th, February, 2006

The previous update, to version, could produce
errors when gpg attempted to read certain keyrings produced
by earlier versions of GnuPG.  This update includes a
fix for that bug.


* Fedora Core 4 Update: gawk-3.1.4-5.4
  24th, February, 2006

Updated package.


* Fedora Core 4 Update: util-linux-2.12p-9.14
  27th, February, 2006

Updated package.


* Fedora Core 4 Update: dhcp-3.0.2-34.FC4
  1st, March, 2006

Updated package.


* Fedora Core 4 Update: system-config-netboot-0.1.38-2_FC4
  1st, March, 2006

Updated package.


* Fedora Core 4 Update: xterm-208-2.FC4
  1st, March, 2006

Updated package.


* Gentoo: GraphicsMagick Format string vulnerability
  26th, February, 2006

A vulnerability in GraphicsMagick allows attackers to crash the
application and potentially execute arbitrary code.


|  Distribution: Gentoo           | ----------------------------//

* Gentoo: noweb Insecure temporary file creation
  26th, February, 2006

noweb is vulnerable to symlink attacks, potentially allowing a local
user to overwrite arbitrary files.


* Mandriva: Updated metamail packages fix vulnerability
  23rd, February, 2006

Ulf Harnhammar discovered a buffer overflow vulnerability in the way
that metamail handles certain mail messages.  An attacker could
create a carefully-crafted message that, when parsed via metamail,
could execute arbitrary code with the privileges of the user running


|  Distribution: Mandriva         | ----------------------------//

* Mandriva: Updated mplayer packages fix integer overflow
  24th, February, 2006

Multiple integer overflows in (1) the new_demux_packet function in
demuxer.h and (2) the demux_asf_read_packet function in demux_asf.c
in MPlayer 1.0pre7try2 and earlier allow remote attackers to execute
arbitrary code via an ASF file with a large packet length value. The
updated packages have been patched to prevent this problem.


* Mandriva: Updated squirrelmail packages fix vulnerabilities
  27th, February, 2006

Webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to
inject arbitrary web pages into the right frame via a URL in the
right_frame parameter. NOTE: this has been called a cross-site
scripting (XSS) issue, but it is different than what is normally
identified as XSS. (CVE-2006-0188)


* Mandriva: Updated unzip packages fix vulnerabilities
  28th, February, 2006

A buffer overflow was foiund in how unzip handles file name
arguments. If a user could tricked into processing a specially
crafted, excessively long file name with unzip, an attacker could
execute arbitrary code with the user's privileges.


* Mandriva: Updated gettext packages fix temporary file
  28th, February, 2006

The Trustix developers discovered temporary file vulnerabilities in
the autopoint and gettextize scripts, part of GNU gettext.  These
scripts insecurely created temporary files which could allow a
malicious user to overwrite another user's files via a symlink
attack. The updated packages have been patched to address this


|  Distribution: Red Hat          | ----------------------------//

* RedHat: Moderate: tar security update
  1st, March, 2006

An updated tar package that fixes a buffer overflow bug is now
available for Red Hat Enterprise Linux 4.  This update has been rated
as having Moderate security impact by the Red Hat Security Response


|  Distribution: SuSE             | ----------------------------//

* SuSE: Subject: [suse-security-announce] SuSE Security Announcement:
heimdal (SUSE-SA:2006:010)
  24th, February, 2006

Updated package.


* SuSE: Subject: [suse-security-announce] SuSE Security Announcement:
heimdal (SUSE-SA:2006:011)
  24th, February, 2006

Updated package.


* SuSE: kernel various security problems
  27th, February, 2006

Updated package.


* SuSE: gpg,liby2util signature checking
  1st, March, 2006

Updated package.


Distributed by: Guardian Digital, Inc.                LinuxSecurity.com

     To unsubscribe email vuln-newsletter-request at linuxsecurity.com
         with "unsubscribe" in the subject of the message.

More information about the ISN mailing list